← Zuruck zu CVEs
CVE-2014-2242
N/ABeschreibung
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht3/2/2014
Zuletzt geandert4/29/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
mediawiki:mediawiki
Schwachen (CWE)
CWE-79
Referenzen
http://openwall.com/lists/oss-security/2014/02/28/1(cve@mitre.org)
http://openwall.com/lists/oss-security/2014/03/01/2(cve@mitre.org)
http://www.securityfocus.com/bid/65910(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=1071135(cve@mitre.org)
https://bugzilla.wikimedia.org/show_bug.cgi?id=60771(cve@mitre.org)
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2014/02/28/1(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2014/03/01/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/65910(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1071135(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.wikimedia.org/show_bug.cgi?id=60771(af854a3a-2127-422b-91ae-364da2661108)
https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.